Jump to content

session persisting across browser close AND session_destroys

adcworks

By adcworks
in PHP Coding Help

Recommended Posts

adcworks Newbie

adcworks

Posted
Posted
hi guys, this is a really odd problem i am having here, and one which i have never in my years of php development seen before hm. embarrassing.

i have a form that requires a user login and a successful login adds a user object into the session. the form only displays the login fields when there is no session user object.

the problem is, i can never login again, in that every time i hit the form page, it shows that i am already logged in (from that session check). i have closed all my browser instances and go back, and it's still logged in. i debugged out session_id and even when i reopen browsers i am always getting the same session id.

so here is something really interesting ... i added a logout button to the form which calls session_destroy(). this has no effect whatsoever and nor does session_unset.

session.cookie_lifetime = 0, so sessions ought to die on browser close.

some more interesting things I have noticed. the problem occurs on both IE7 and FireFox in that once I have logged in once, the logout (session_destroy) has no effect. HOWEVER in FireFox, a browser close *does* cause the login prompts to appear the next time.

And *finally* if I do a cookie clear in IE 7's tools, then when I start a new browser, the login works again!!

So the problem summarised appears to be that IE7 is not clearing the session cookie when I close the browser down and only works when I do it from the tools menu, whereas FireFox does clear the cookies. However in BOTH IE7 and FireFox session_destroy/unset does not work in unsetting the user object.

Any ideas at all?
adcworks Newbie

adcworks

Posted
  • Author
Posted
2 things to note

a) the problem with the logout link I determined as my fault, i had not done session_start before session_unset, so that works when i explicitly call session_unset now

b) the problem appears to be IE7 only and sessions do persist over time and browser instances. i have written a small test case that proves this for my own machine setup posted below

basically, the first time i ran this in IE7 the message "old value" was printed. Now, regardless of closing all browsers down when I run the script it gives always "new value".

[code]<?
class MyClass {
var $value;
function __construct() {
$value = "old value";
}
function getValue() {
return $this->value;
}
function setValue($value) {
$this->value = $value;
}
}
session_start();
if (isset($_SESSION['myclass'])) {
$class = $_SESSION['myclass'];
} else {
$class = new MyClass();
$class->setValue("new value");
$_SESSION['myclass'] = $class;
}

echo $class->getValue();
?>[/code]
adcworks Newbie

adcworks

Posted
  • Author
Posted
that code actually proves nothing, it works as expected on my machine. i think the problem must be related to something else, it's difficult to post the full code of my setup as it's a complex multi-script system with AJAX also used.

sigh .. i will just have to debug :)

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.